Networking in Exclusive-IP Non-Global Zones

An exclusive-IP zone has its own IP-related state. The zone is assigned its
own set of data-links when the zone is configured.

For physical links, packets are transmitted on the physical link. Then, devices like Ethernet switches or
IP routers can forward the packets toward their destination, which might be a
different zone on the same machine as the sender.

For virtual links, the packet is first sent to a virtual switch.
If the destination link is over the same device, such as a VNIC
on the same physical link or etherstub, the packet will go directly to
the destination VNIC. Otherwise, the packet will go out the physical link underlying
the VNIC.

Exclusive-IP Zone Partitioning

Exclusive-IP zones have separate TCP/IP stacks, so the separation reaches down to the
data-link layer. One or more data-link names, which can be a NIC or
a VLAN on a NIC, are assigned to an exclusive-IP zone by
the global administrator. The zone administrator can configure IP on those data-links with
the same flexibility and options as in the global zone.

Exclusive-IP Data-Link Interfaces

A data-link name must be assigned exclusively to a single zone.

The dladm show-link command can be used to display data-links assigned to running
zones.

IP Traffic Between Exclusive-IP Zones on the Same Machine

There is no internal loopback of IP packets between exclusive-IP zones. All packets
are sent down to the data-link. Typically, this means that the packets
are sent out on a network interface. Then, devices like Ethernet switches or
IP routers can forward the packets toward their destination, which might be a
different zone on the same machine as the sender.
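
The forwarding rules above (virtual links and traffic between exclusive-IP zones), together with the rule that a data-link belongs to a single zone, can be checked against an inventory. The following is an added example, not Oracle code: the link names, zone names and inventory are constructed, and the model applies only the rules stated on this page. It reports which zone pairs can exchange packets through the virtual switch without reaching a physical link, where no external switch or router sees the traffic.

```python
# Constructed inventory (hypothetical names): data-link -> (class, device it is over).
LINKS = {
    "net0": ("phys", None), "net1": ("phys", None), "stub0": ("etherstub", None),
    "vnic_web": ("vnic", "net0"), "vnic_app": ("vnic", "net0"),
    "vnic_db": ("vnic", "stub0"), "vnic_log": ("vnic", "stub0"),
}
# Constructed zone -> data-link assignment, as made by the global administrator.
ZONES = {"web": ["vnic_web"], "app": ["vnic_app", "vnic_db"],
         "db": ["vnic_log"], "mon": ["net1"]}

def exclusivity_violations(zones):
    """Return data-links assigned to more than one zone (must be empty)."""
    owners = {}
    for zone, links in zones.items():
        for link in links:
            owners.setdefault(link, []).append(zone)
    return {link: z for link, z in owners.items() if len(z) > 1}

def path(src_link, dst_link, links=LINKS):
    """Classify where a packet sent from src_link toward dst_link travels."""
    s_class, s_over = links[src_link]
    d_class, d_over = links[dst_link]
    if s_class == "vnic" and d_class == "vnic" and s_over == d_over:
        return "virtual-switch"    # same device: delivered directly to the VNIC
    if s_class == "vnic" and links[s_over][0] == "etherstub":
        # Assumption beyond the page: an etherstub has no underlying physical link.
        return "no-physical-exit"
    return "physical-link"         # leaves the host; external devices forward it

def zone_paths(zones=ZONES, links=LINKS):
    """Map each ordered zone pair to the set of path classes between their links."""
    out = {}
    for a, a_links in zones.items():
        for b, b_links in zones.items():
            if a != b:
                out[(a, b)] = {path(s, d, links) for s in a_links for d in b_links}
    return out

def host_internal_pairs(zones=ZONES, links=LINKS):
    """Zone pairs with at least one path that never reaches a physical link."""
    return sorted(p for p, kinds in zone_paths(zones, links).items()
                  if "virtual-switch" in kinds and p[0] < p[1])

if __name__ == "__main__":
    print("exclusivity violations:", exclusivity_violations(ZONES))
    print("pairs switched inside the host:", host_internal_pairs())
```

For the pairs this reports, filtering has to happen on the host, for example with IP Filter inside the zones, because the packets never cross an external device.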

Oracle Solaris IP Filter in Exclusive-IP Zones

An exclusive-IP zone has the same IP Filter functionality that is available in the
global zone. IP Filter is also configured the same
way in exclusive-IP zones and the global zone.

IP Network Multipathing in Exclusive-IP Zones

IP network multipathing (IPMP) provides physical interface failure detection and transparent network access
failover for a system with multiple interfaces on the same IP link. IPMP
also provides load spreading of packets for systems with multiple interfaces.

The data-link configuration is done in the global zone. First, multiple data-link interfaces
are assigned to a zone using zonecfg. The multiple data-link interfaces must be
attached to the same IP subnet. IPMP can then be configured from within
the exclusive-IP zone by the zone administrator.